MS-CHAP2-Response is incorrect

omega bk omegabk at
Fri Mar 12 17:57:28 CET 2010


just one question. (if you have time :-) )

my client is a windows xp wired 802.1x (native supplicant)
i got user called bernard in opnldap database
trying to authenticate my user through freeradius.

i got this : ( my debug output il too large so i just put the error section)

[ldap] performing user authorization for bernard
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
[ldap]     ... expanding second conditional
[ldap]     expand: %{User-Name} -> bernard
[ldap]     expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
[ldap]     expand: dc=example,dc=com -> dc=example,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
[ldap] Added User-Password = test  in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] userPassword -> Cleartext-Password == "test "
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
*Found Auth-Type = EAP*
+- entering group authenticate {...}
*[eap] Request found, released from the list*
*[eap] EAP/mschapv2
[eap] processing type mschapv2*
*[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: MS-CHAP2-Response is
incorrect                                   **=> what does it mean ?
++[mschap] returns reject*
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.

thank u so much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list